Office Action Predictor
Last updated: April 16, 2026
Application No. 18/606,029

Systems and methods for cloud security system assistance utilizing custom Large Language Models (LLMs)

Final Rejection §103
Filed
Mar 15, 2024
Examiner
HLAING, SOE MIN
Art Unit
2451
Tech Center
2400 — Computer Networks
Assignee
Zscaler, INC.
OA Round
2 (Final)
82%
Grant Probability
Favorable
3-4
OA Rounds
2y 6m
To Grant
99%
With Interview

Examiner Intelligence

Grants 82% — above average
82%
Career Allow Rate
288 granted / 353 resolved
+23.6% vs TC avg
Strong +18% interview lift
Without
With
+17.5%
Interview Lift
resolved cases with interview
Typical timeline
2y 6m
Avg Prosecution
18 currently pending
Career history
371
Total Applications
across all art units

Statute-Specific Performance

§101
7.3%
-32.7% vs TC avg
§103
60.2%
+20.2% vs TC avg
§102
15.2%
-24.8% vs TC avg
§112
5.7%
-34.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 353 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments The applicant's arguments/remarks, see page 7-9, filed 10/10/2025, with respect to 35 U.S.C 102 and 103 rejections of Claims 1-20 have been fully considered but are moot in view of the new ground(s) of rejection. The arguments/remarks are essentially directed towards the newly introduced limitations and they are addressed in this Office Action, below. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 2, 3, 10, 11, 12, 13 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mukherjee et al. (US PG PUB 20240354436), hereinafter "Mukherjee", in views of Davraev et al. (US PG PUB 20250088517), hereinafter "Davraev", further in views of Tran (US PG PUB 20230252224), hereinafter "Tran". Regarding Claims 1 and 11, Mukherjee discloses: (Claim 1) A method comprising steps of: (Claim 11) A non-transitory computer-readable medium comprising instructions that, when executed, cause one or more processors (i.e. one or more computer-readable storage mediums having program instructions embodied therewith, and one or more processors configured to execute the program instructions to cause the systems and/or computer systems to perform operations) (¶ 0017) to perform steps of: providing a cloud-based security solution for an enterprise via a cloud-based system (i.e. method/system may provide cloud managed security/permission aware [i.e. cloud-based security solution] document search service [i.e. an enterprise] via a cloud-based document search system [i.e. a cloud-based system]) (Fig. 1A, ¶ 0007, ¶ 0045, ¶ 0054 and ¶ 0072); displaying a User Interface (UI) associated with the cloud-based security solution having a chatbot (i.e. the method/system may display user interface 700 [i.e. a User Interface (UI)] associated with the cloud managed security/permission aware [i.e. cloud-based security solution] document search service having PalBOT [i.e. a chatbot]) (806 - Fig. 8, Fig. 9 and ¶ 0150 - 0151), wherein the chatbot is configured to allow a user associated with the enterprise to enter a question (i.e. PalBOT [i.e. the chatbot] allows a user, e.g. User A, using the document search service [i.e. associated with the enterprise] to enter a question, e.g. What are their products) (902 & 904 – Fig. 9 and ¶ 0154); and responsive to receiving a question from a user via the chatbot, generating a detailed response to the question via a custom Large Language Model (LLM) (i.e. response to receiving a question, e.g. What are their products, from user A via PalBOT [i.e. the chatbot], the method/system may generate an answers, e.g. XYZ’s products include this and that [i.e. a detailed response to the question] via LLM 130 [i.e. a custom Large Language Model (LLM)) (Fig. 9 and ¶ 0154). However, Mukherjee does not explicitly disclose: Wherein the custom LLM is trained using cloud provider documentation and documentation associated with the cloud-based security solution, such that the detailed response comprises any of (i) step-by-step remediation recommendation based on alerts associated with the enterprise’s cloud environment (ii) navigation instructions for the UI and (iii) configuration recommendations during onboarding of the cloud based security solution. On the other hand, in the same field of endeavor, Davraev teaches: Wherein the custom LLM is trained using cloud provider documentation and documentation associated with the cloud-based security solution (i.e. the security alert generative language model is a type of GLM [i.e. the custom LLM] that is fine-tuned [i.e. trained] based on security alerts and security incidents. For example, the security alert generative language model [i.e. the custom LLM] is fine-tuned [i.e. trained] with security-based literature [i.e. cloud provider documentation] and other security incident documentation [i.e. documentation associated with the cloud-based security solution] associated with cloud computing system) (102 – Fig. 1 and ¶ 0028), such that the detailed response comprises any of (i) step-by-step remediation recommendation based on alerts associated with the enterprise’s cloud environment (ii) navigation instructions for the UI and (iii) configuration recommendations during onboarding of the cloud based security solution (i.e. as a response to the query from context-based insight system associated with client device 140, the method/system, using the security alert generative language model [i.e. LLM], may generate a security incident report [i.e. the detailed response] including remediation actions [i.e. step-by-step remediation recommendation] based on security alerts associated with the cloud computing system 102 [i.e. (i) step-by-step remediation recommendation based on alerts associated with the enterprise’s cloud environment]) (140 – Fig. 1, 212 – Fig. 2, ¶ 0034 – 0035 and ¶ 0051). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method/system/computer-readable-medium of Mukherjee to include the feature Wherein the custom LLM is trained using cloud provider documentation and documentation associated with the cloud-based security solution, such that the detailed response comprises any of (i) step-by-step remediation recommendation based on alerts associated with the enterprise’s cloud environment (ii) navigation instructions for the UI and (iii) configuration recommendations during onboarding of the cloud based security solution as taught by Davraev so that the methos/system may generate security incident reports based on correlated security alerts within a security incident using the custom LLM (Abstract and ¶ 0051). However, the combination of Mukherjee and Davraev does not explicitly disclose: the documentation including at least frequently asked questions, Hypertext Markup language (HTML) pages, and internal product documentation. On the other hand, in the same field of endeavor, Tran teaches: the documentation including at least frequently asked questions, Hypertext Markup language (HTML) pages, and internal product documentation (i.e. learning machine, e.g. deep neural network architecture such as GPT-based [i.e. LLM], may be trained using the training data which may include documents [i.e. documentation] such as FAQs [i.e. frequently asked questions, web sites of the company [i.e. Hypertext Markup language (HTML) pages] and non-public product maintenance or service information for products [i.e. internal product documentation]) (Fig. 3A and ¶ 00217 - 0223). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method/system/computer-readable-medium of Mukherjee and Davraev to include the feature wherein the documentation including at least frequently asked questions, Hypertext Markup language (HTML) pages, and internal product documentation as taught by Tran so that the methos/system may implement comprehensive training process that utilizes periodically updated training data (Fig. 3A and ¶ 00217 - 0223). Regarding Claims 2 and 12, Mukherjee, Davraev and Tran disclose: training the custom LLM using cloud provider documentation and documentation associated with the cloud-based security solution (Davraev - i.e. the security alert generative language model is a type of GLM [i.e. the custom LLM] that is fine-tuned [i.e. trained] based on security alerts and security incidents. For example, the security alert generative language model [i.e. the custom LLM] is fine-tuned [i.e. trained] with security-based literature [i.e. cloud provider documentation] and other security incident documentation [i.e. documentation associated with the cloud-based security solution] associated with cloud computing system) (Davraev - 102 – Fig. 1 and ¶ 0028); and periodically collecting updated cloud provider documentation and updated enterprise security documentation and retraining the custom LLM with the updated data (Tran - i.e. learning machine may collect updated training data [i.e. updated cloud provider documentation and updated enterprise security documentation] on periodic basis; then learning machine may periodically update training with new data [i.e. retraining the custom LLM with the updated data]) (Tran – Fig. 3A and ¶ 0216 – 0224). The prior art used in the rejection of the current claim is combined using the same motivations as was applied in claims 1 and 11. Regarding Claims 3 and 13, Mukherjee, Davraev and Tran disclose, in particular Tran teaches: wherein the documentation associated with the cloud-based security solution includes frequently asked questions and customer support feedback from users of the cloud-based security solution (i.e. the training data includes FAQs [i.e. frequently asked questions] and user reviews [i.e. customer support feedback from users of the cloud-based security solution]) (Fig. 3A and ¶ 0216 – 0224). The prior art used in the rejection of the current claim is combined using the same motivations as was applied in claims 1 and 11. Regarding Claims 10 and 20, Mukherjee, Davraev and Tran disclose, in particular Mukherjee teaches: wherein the detailed response includes one or more links to documentation associated with the cloud-based security solution (i.e. response generated by LLM may include a button 710 [i.e. one or more links] which allows, if pressed by the user, access to relevant documents [i.e. documentation] associated with the cloud managed security/permission aware [i.e. the cloud-based security solution] document search service) (Fig. 7, ¶ 0045 and ¶ 0148). Claim(s) 5 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mukherjee in view of Davraev further in view of Tran as applied to claims 1 and 11 above, and further in view of Tiwari et al. (US PAT 12277278), hereinafter "Tiwari". Regarding Claims 5 and 15, Mukherjee discloses all the features with respect to Claims 1 and 11 as described above. However, Mukherjee does not explicitly disclose: wherein the detailed response includes steps relating to navigation of the UI associated with the cloud-based security solution. On the other hand, in the same field of endeavor, Tiwari teaches: wherein the detailed response includes steps relating to navigation of the UI associated with the cloud-based security solution (i.e. the method/system may generate a response (bot response 504) [i.e. the detailed response] in a natural language format that explains that the create activity task requires two steps and provides a prompt for the user to execute guided navigation 310 from the GUI to complete the remaining steps [i.e. steps relating to navigation of the UI associated with the cloud-based security solution] and input any missing slots 606) (Fig. 6 and Column 16 Line # 40 - 45). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method/system/computer-readable-medium of Mukherjee to include the feature wherein the detailed response includes steps relating to navigation of the UI associated with the cloud-based security solution as taught by Tiwari so that the methos/system may inform user of the necessary steps for completing a particular task (Fig. 6 and Column 16 Line # 40 - 45). Allowable Subject Matter Claims 4, 6-9, 14 and 16-19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SOE MIN HLAING whose telephone number is (303)297-4282. The examiner can normally be reached Monday-Friday 9AM - 5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christopher Parry can be reached at 571-272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Soe Hlaing/ Primary Examiner, Art Unit 2451
Read full office action

Prosecution Timeline

Mar 15, 2024
Application Filed
Jul 12, 2025
Non-Final Rejection — §103
Oct 10, 2025
Response Filed
Feb 05, 2026
Final Rejection — §103
Apr 06, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12598134
PACKET DISCARD NOTIFICATIONS
2y 5m to grant Granted Apr 07, 2026
Patent 12592904
INTELLIGENT TRANSACTION SCORING
2y 5m to grant Granted Mar 31, 2026
Patent 12587494
COORDINATED EMOTION REPRESENTATION AND EXPRESSION IN MULTI-AGENT DIGITAL ASSISTANTS
2y 5m to grant Granted Mar 24, 2026
Patent 12580983
DATA TRANSMISSION METHOD AND COMMUNICATION APPARATUS
2y 5m to grant Granted Mar 17, 2026
Patent 12549618
APPARATUS AND METHOD FOR ENCODING VIDEO WITH ULTRA-LOW LATENCY
2y 5m to grant Granted Feb 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
82%
Grant Probability
99%
With Interview (+17.5%)
2y 6m
Median Time to Grant
Moderate
PTA Risk
Based on 353 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month